Security Tips

Phishing attack warning

“Phishing” (pronounced as fishing) is the latest and fastest growing from of information theft. The process is called “Phishing” because it uses e-mail lures and scare tactics to “fish” for sensitive personal information – including passwords, credit card numbers, and account information – from a wide “sea” of unsuspecting PC Users. One e-mail Phishing expedition can potentially reach millions of internet users.

So how exactly does phishing work?

You will receive an unexpected e-mail that looks like it is coming from a bank or financial services company. The e-mail will ask you to send account details and sometimes a PIN by return e-mail or will direct you to a web site that is a fraudulent – and often convincing – duplication of the Bank or financial services company's office site.

The e-mail may scare you by saying “ your account has been or may be frozen”, “your credit card has been cancelled”, “we are updating our software, please confirm your data”, or any number of other creative ploys. Unsuspecting people who fall victim to these ploys sends their personal information and the “phishers”, in turn, commit identity theft and other fraudulent activities, such as withdrawing your money or using your credit card at their leisure.

How can you protect yourself against a phishing attack

  • Remember that no bank will ever ask you for personal, account, or PIN information by e-mail.
  • If you need to go to your banking or online service, use your own tried and trusted method (e.g. by using your own link in your Internet “Favorites” or by typing the site's URL into your browser window yourself).
  • Never reply to the suspected phishing e-mail to figure out if it is legitimate. Please just delete this type of e-mail.
  • If an e-mail looks suspicious, contact the bank cited in the suspected phishing e-mail with a phone number you know to be genuine, to verify if the e-mail is authentic.

Remember that SCB or its staff will never ask customers to disclose their identity number, and PIN or any other confidential information via regular e-mail or on an unsecured web site. If at any time you suspect that an e-mail may be fraudulent, contact the SCB Information Security Division atsecurity@scb.co.th

An example of the phishing e-mail

ABCDBank

Dear ABCDBank customer,

Recently there have been a large number of indentity theft attempts targeting ABCDBank customers. In order to safeguard your account, we require that you confirm your banking details.

This process is mandatory, and if not completed within the nearest time your account may be subject to temporary suspension.

To securely confirm your ABCDBank account details please go to:

https://web.ca.abcdbank.com/signin/scripts/login/user_setup.jsp

Thank you for you prompt attention to this matter and thank you for using ABCDBank!

ABCDBank® Identity Theft Solution

Do not reply to this email as it is an unmonitored alias

A member of ABCDBank
Copyright © 2004 ABCDBank